Organization policies are rules that the organization creates to enforce security and access restrictions on all managed APIs. The organization can enforce IP filtering access policies and determine the rate at which managed API requests can be made.
The IP filtering policy designates the range of computer IP addresses that are allowed or denied permission to invoke managed APIs. The rate limiting policy controls the number of times any managed API can be invoked during a designated time period.
On the Policies page, you can change the default rate limit policy settings, and add, edit, or delete an IP filtering policy. IP filtering policies are applied according to the order of the policies. The order of the policy determines its precedence.
When an API consumer attempts to access a managed API and is denied due to an IP filtering policy, the HTTP response includes a 403 Forbidden status code and the description "Invocation is prohibited due to organization policies."
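The effect of policy order, as an added example that is not part of the product documentation or API Manager's own code: it models ordered IP filtering under the assumptions that the first matching policy wins and that an address matching no policy is allowed. The policy names and address ranges are constructed.

```python
import ipaddress
from typing import NamedTuple

class Policy(NamedTuple):
    name: str     # hypothetical label, not a product field
    action: str   # "allow" or "deny"
    network: str  # CIDR range the policy covers

# Status code and description quoted from the page.
DENIED = (403, "Invocation is prohibited due to organization policies.")

def evaluate(policies, client_ip, default="allow"):
    """Return (action, policy name). Assumption: first match in list order wins."""
    ip = ipaddress.ip_address(client_ip)
    for p in policies:
        net = ipaddress.ip_network(p.network)
        if ip.version == net.version and ip in net:
            return p.action, p.name
    return default, None  # assumption: no matching policy means allowed

def shadowed(policies):
    """Return (later, earlier) pairs where an earlier range covers a later one,
    so under first-match evaluation the later policy can never take effect."""
    pairs = []
    for i, later in enumerate(policies):
        later_net = ipaddress.ip_network(later.network)
        for earlier in policies[:i]:
            earlier_net = ipaddress.ip_network(earlier.network)
            if later_net.version == earlier_net.version and later_net.subnet_of(earlier_net):
                pairs.append((later.name, earlier.name))
                break
    return pairs

def respond(policies, client_ip):
    """Map the decision to an HTTP result; the 200 line is a constructed stand-in."""
    action, _ = evaluate(policies, client_ip)
    return DENIED if action == "deny" else (200, "OK")

# Constructed sample policies using documentation address ranges.
NARROW_FIRST = [Policy("block-host-range", "deny", "203.0.113.0/28"),
                Policy("partner-net", "allow", "203.0.113.0/24")]
BROAD_FIRST = list(reversed(NARROW_FIRST))

if __name__ == "__main__":
    for label, order in (("narrow first", NARROW_FIRST), ("broad first", BROAD_FIRST)):
        print(label, respond(order, "203.0.113.5"), "shadowed:", shadowed(order))
```

With the broad allow listed first, the narrower deny is reported as shadowed and the same address is no longer blocked, which is the kind of ordering mistake worth checking for after every policy edit.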
When an API consumer attempts to access a managed API and access is denied due to a rate limit policy, the HTTP response includes a 429 Too Many Requests status code and the description "API rate limit reached."
When an API consumer attempts to access a managed API and is denied due to a rate limit policy or an IP filtering policy, API Manager logs an event in the event log. For more information about the event log, see